
RSA Conference 09 - Building Security Models to Support Business Decisions 090429

RSA Conference 2009 presentation on building security models to support business decisions.

  • Security funding and support can’t rely on regulatory drivers. It’s time for CISOs, Risk Mgmt officers, and other groups to demonstrate security ROI and communicate security strategy in terms that executive management understands.
  • Understand the ‘forces’ that result in a change to the effectiveness of the security framework.

    1. Building Security Models To Help Make Business Decisions. Dave Cullinane, Gordon Shevlin, Preston Wood, William Tang. 04/29/09 | Session ID: PROF-403
    2. Common Questions from Exec Mgmt
        • What have you done with the resources we gave you last year?
        • Why do you need more funding and resources?
        • How does this benefit the company?
       Provide insight to solve these challenges and real world examples
       Understand methodology and approach to leverage security and business metrics effectively
       Make more informed business decisions and prove security return on investment (ROI)
       Educate + Learn = Apply
    3. Agenda
        • Obtain Security & Business Metrics
        • Establish a Security Framework
        • Prove Security Return on Investment (ROI)
        • Develop Forward Looking Strategy & Models
    4. Security Framework
    5. Security Controls Mapping
    6. Security Controls Mapping
    7. Security Gap Analysis
    8. Agenda
        • Obtain Security & Business Metrics
        • Establish a Security Framework
        • Prove Security Return on Investment (ROI)
        • Develop Forward Looking Strategy & Models
    9. Obtain Business & Security Metrics
    10. Obtain Business & Security Metrics
    11. Agenda
        • Obtain Security & Business Metrics
        • Establish a Security Framework
        • Prove Security Return on Investment (ROI)
        • Develop Forward Looking Strategy & Models
    12. Prove Security ROI
        • Understand that there are always assumptions, guesses, and estimates.
        • Start small and easy, focus on one aspect of security that is easy to analyze.
            • Example of web application security
        • Expand ROI analysis based on security framework and metrics.
        • Incorporate risk assessment methodology
    13. Agenda
        • Obtain Security & Business Metrics
        • Establish a Security Framework
        • Prove Security Return on Investment (ROI)
        • Develop Forward Looking Strategy & Models
    14. Develop Security Strategy & Models
    15. Q&A
